Merge branch 'main' into graph-api

Author: batamig

CloudAppSecurityDocs/app-governance-app-policies-create.md

@@ -7,7 +7,7 @@ description: Get started learning about app governance policies with Microsoft D
 
 # Get started with app policies
 
-Policies for app governance are a way to implement proactive and reactive alerts and automatic remediation for your specific needs for app compliance in your organization. You can create policies in app governance to manage OAuth apps in Microsoft Entra ID, Google and Salesforce.
+Policies for app governance are a way to implement proactive and reactive alerts and automatic remediation for your specific needs for app compliance in your organization. You can create policies in app governance to manage OAuth apps in Microsoft 365, Google and Salesforce.
 
 There are two types of policies in app governance:
 

CloudAppSecurityDocs/app-governance-app-policies-get-started.md

@@ -7,14 +7,14 @@ description: Manage your app governance policies.
 
 # Manage app policies
 
-Use app governance to manage OAuth policies for Microsoft Entra ID, Google Workspace, and Salesforce.
+Use app governance to manage OAuth policies for Microsoft 365, Google Workspace, and Salesforce.
 
 You might need to manage your app policies as follows to keep up-to-date with your organization's apps, respond to new app-based attacks, and for ongoing changes to your app compliance needs:
 
 - Create new policies targeted at new apps
 - Change the status of an existing policy (active, inactive, audit mode)
 - Change the conditions of an existing policy
-- Change the actions of an existing policy for autoremediation of alerts
+- Change the actions of an existing policy for auto-remediation of alerts
 
 <a name='manage-oauth-app-policies-for-azure-ad'></a>
 

CloudAppSecurityDocs/app-governance-app-policies-manage.md

@@ -17,7 +17,7 @@ Before you start, verify that you satisfy the following prerequisites:
 
 - Microsoft Defender for Cloud Apps must be present in your account as either a standalone product or as part of the various [license](#licensing) packages.
 
-    If you aren't already a Defender for Cloud Apps customer, you can [sign up for a free trial](https://www.microsoft.com/security/business/cloud-apps-defender).
+  If you aren't already a Defender for Cloud Apps customer, you can [sign up for a free trial](https://www.microsoft.com/security/business/cloud-apps-defender).
 
 - You must have [one of the appropriate roles](#roles) to turn on app governance and access it.
 

CloudAppSecurityDocs/app-governance-get-started.md

@@ -19,41 +19,41 @@ The **Overview** page shows the following details:
 For example:
 
 > [!div class="mx-imgBorder"]
->![Relative number of detected and policy-based incidents.](incidents-summary1.png)
->
+> ![Relative number of detected and policy-based incidents.](incidents-summary1.png)
+> 
 > [!div class="mx-imgBorder"]
->![top alerts.](media/app-governance-visibility-insights-compliance-posture/top-alerts.png)
+> ![top alerts.](media/app-governance-visibility-insights-compliance-posture/top-alerts.png)
 
 ## Data usage cards
 
 Data usage cards show the following types of information:
 
-- **Total data accessed by apps** in the tenant through Graph API over the current month and previous three calendar months. (Currently includes emails, files, and chat and channel messages read and written by apps that access Microsoft 365 using Graph API)
+- **Total data accessed by apps** in the tenant through Microsoft Graph and EWS APIs over the current month and previous three calendar months. (Currently includes emails, files, and chat and channel messages read and written by apps that access Microsoft 365 using Microsoft Graph and EWS APIs)
 
-- **Data usage over the current month and previous three calendar months**, broken down by resource type. (Currently includes emails, files, and chat and channel messages read and written by apps that access Microsoft 365 using Graph API)
+- **Data usage over the current month and previous three calendar months**, broken down by resource type. (Currently includes emails, files, and chat and channel messages read and written by apps that access Microsoft 365 using Microsoft Graph and EWS APIs)
 
 For example:
 
 > [!div class="mx-imgBorder"]
->![Total data accessed by apps.](media/app-governance-visibility-insights-compliance-posture/data-usage-chart.png)
+> ![Total data accessed by apps.](media/app-governance-visibility-insights-compliance-posture/data-usage-chart.png)
 
 ## Apps that access data on Microsoft 365
 
-For apps that access data on Microsoft 365, cards show the number of apps that have accessed data on SharePoint, OneDrive, Exchange Online, or Teams in the last 30 days
+For apps that access data on Microsoft 365, cards show the number of apps that have accessed data on SharePoint, OneDrive, Exchange Online, or Teams using Microsoft Graph and EWS APIs in the last 30 days.
 
 For example:
 
 > [!div class="mx-imgBorder"]
->![Apps that have accessed data on SharePoint, OneDrive, Exchange Online, or Teams in the last 30 days.](media/app-governance-visibility-insights-compliance-posture/apps-accessed-m365-services-chart.png)
+> ![Apps that have accessed data on SharePoint, OneDrive, Exchange Online, or Teams in the last 30 days.](media/app-governance-visibility-insights-compliance-posture/apps-accessed-m365-services-chart.png)
 
 ## Sensitivity labels accessed
 
-For sensitivity labeling data, cards show the number apps that have accessed content with sensitivity labels on SharePoint, OneDrive, Exchange Online or Teams in the last 30 days.
+For sensitivity labeling data, cards show the number apps that have accessed content with sensitivity labels on SharePoint, OneDrive, Exchange Online or Teams using Microsoft Graph and EWS APIs in the last 30 days.
 
 For example:
 
 > [!div class="mx-imgBorder"]
->![number apps that have accessed content with sensitivity labels.](sensitive-data-accessed-chart1.png)
+> ![number apps that have accessed content with sensitivity labels.](sensitive-data-accessed-chart1.png)
 
 ## Next steps
 

CloudAppSecurityDocs/app-governance-visibility-insights-compliance-posture.md

@@ -38,32 +38,48 @@ One of the primary value points for app governance is the ability to quickly vie
 1. On the **App governance** page, select one of the apps tabs to display your apps.
 
     The apps listed depend on the apps present in your tenant.
-
+   
 1. Filter the apps listed using one or more of the following default filter options:
 
-    - **API access**
-    - **Privilege level**
-    - **Permission usage**
-    - **Permission type**
-    - **Publisher verified**
-
+   - **API access**
+      
+   - **Privilege level**
+      
+   - **Permission** (Preview)
+      
+   - **Permission usage**
+      
+   - **App origin**
+      
+   - **Permission type**
+      
+   - **Publisher verified**
+      
     Use one of the following nondefault filters to further customize the apps listed:
-
-    - **Last modified**
-    - **Added on**
-    - **Certification**
-    - **Users**
-    - **Services accessed**
-    - **Data usage**
-    - **Sensitivity labels accessed**
-
-    > [!TIP]
-    > Save the query to save the currently selected filters for use again in the future.
-
+   
+   - **Last modified**
+      
+   - **Added on**
+      
+   - **Certification**
+      
+   - **Users**
+      
+   - **Services accessed**
+      
+   - **Data usage**
+      
+   - **Sensitivity labels accessed**
+   
+     > [!TIP]
+     > Save the query to save the currently selected filters for use again in the future.
+     
 1. Select the name of an app to view more details. For example:
 
-    :::image type="content" source="media/app-governance-visibility-insights-get-started/image2.png" alt-text="Screenshot of an app details pane showing an app summary.":::
-
+   ![Screenshot of an app details pane showing an app summary.](media/app-governance-visibility-insights-get-started/app-governance-app-list-view.png)
+   
+   
+   
 The details pane lists the app usage over the past 30 days, the users who have consented to the app, and the permissions assigned to the app. 
 
 For example, an administrator might review the activity and permissions of an app that is generating alerts and make a decision to disable the app using the **Disable App** button towards the bottom of the app details pane.

CloudAppSecurityDocs/app-governance-visibility-insights-get-started.md

@@ -17,21 +17,21 @@ For a summary of apps in your tenant, in Microsoft 365, go to **Cloud app > App
 
 For example:
 
-:::image type="content" source="media/app-governance-visibility-insights-view-apps/appg-cc-apps.png" alt-text="Screenshot of the Azure AD apps tab on the App governance page.":::
-
+:::image type="content" source="media/app-governance-visibility-insights-view-apps/app-governance-app-list-view-new.png" alt-text="Screenshot of the Azure AD apps tab on the App governance page.":::
 
 >[!NOTE]
 > Your sign-in account must have one of [these roles](app-governance-get-started.md#roles) to view any app governance data.
 >
 
-On the **Azure AD apps** tab, the apps in your tenant are listed with the following details:
+On the **Microsoft 365** tab, the apps in your tenant are listed with the following details:
 
 |Column name  |Description  |
 |---------|---------|
-|**App name** | The display name of the app as registered on Microsoft Entra ID |
-|**App status** | Shows whether the app is enabled or disabled, and if disabled by whom |
+| **App name** | The display name of the app as registered on Microsoft Entra ID |
+| **App status** | Shows whether the app is enabled or disabled, and if disabled by whom |
 | **Graph API access**| Shows whether the app has at least one Graph API permission |
 | **Permission type**| Shows whether the app has application (app only), delegated, or mixed permissions |
+| **App origin** (Preview)| Shows whether the app originated within the tenant or was registered in an external tenant |
 | **Consent type**| Shows whether the app consent has been given at the user or the admin level, and the number of users whose data is accessible to the app |
 | **Publisher**| Publisher of the app and their verification status |
 | **Last modified**| Date and time when registration information was last updated on Microsoft Entra ID |
@@ -55,13 +55,13 @@ You can also select **Search** to search for an app by name.
 
 Select a specific app in the grid to view more details on an apps details pane on the right. For example:
 
-:::image type="content" source="media/app-governance-visibility-insights-view-apps/image2.png" alt-text="Screenshot of an app details pane on the Azure AD tab.":::
+:::image type="content" source="media/app-governance-visibility-insights-view-apps/app-governance-app-list-view.png" alt-text="Screenshot of an app details pane on the Azure AD tab.":::
 
-The **Summary** tab also shows more data about the app, such as the date first consented and the App ID. To see the properties of the app as registered in Microsoft Entra ID, select **View app in Azure AD**.
+The **Summary** tab also shows more data about the app, such as the date first consented and the App ID. To see the properties of the app as registered in Microsoft Entra ID, select **View in Microsoft Entra ID**.
 
 In the details pane, select any of the following tabs to view more details:
 
-- Select the **Data usage** tab to view a graph of data usage over time, for Exchange, SharePoint, OneDrive, and Teams resources. For example:
+- Select the **Data usage** tab to view a graph of data usage over time, for Exchange, SharePoint, OneDrive, and Teams resources via Microsoft Graph and EWS APIs. For example:
 
     :::image type="content" source="media/app-governance-visibility-insights-view-apps/data-usage.png" alt-text="Screenshot of the Data usage tab.":::
 
@@ -73,7 +73,7 @@ In the details pane, select any of the following tabs to view more details:
 
     If an app is *admin consented*, the **Total consented users** are all users in the tenant.
 
-- Select the **Permissions** tab to see a summary and list of the Graph API and legacy permissions granted to the app, consent type, and whether they are in use. For example:
+- Select the **Permissions** tab to see a summary and list of the Graph API and legacy permissions granted to the app, consent type, privilege level and whether they are in use. For example:
 
     :::image type="content" source="media/app-governance-visibility-insights-view-apps/permissions.png" alt-text="Screenshot of the Permissions tab.":::
 
@@ -83,13 +83,8 @@ In the details pane, select any of the following tabs to view more details:
 
     :::image type="content" source="media/app-governance-visibility-insights-view-apps/sensitive-labels-details.png" alt-text="Screenshot of the Sensitivity labels tab.":::
 
-For an enabled app, there's also a **Disable app** control to disable the use of the selected app and an **Enable app** control to enable the use of the disabled app. These actions require at least the following administrator roles:
-
+For an enabled app, there's also a **Disable app** control to disable the use of the selected app and an **Enable app** control to enable the use of the disabled app. These actions require a *Company Administrator* administrator role.
 
-- *Compliance Administrator*
-- *Company Administrator*
-- *Security Administrator*
-- *Security Operator*
 
 ## Managing Google Workspace and Salesforce OAuth apps
 

CloudAppSecurityDocs/app-governance-visibility-insights-view-apps.md

@@ -1,32 +1,32 @@
 ---
-title: Differences between Defender for Cloud Apps and Microsoft 365 Cloud App Security
-description: This article describes the differences between Defender for Cloud Apps and Microsoft 365 Cloud App Security.
-ms.date: 05/19/2024
+title: Differences between Defender for Cloud Apps and Office 365 Cloud App Security
+description: This article describes the differences between Defender for Cloud Apps and Office 365 Cloud App Security.
+ms.date: 11/18/2024
 ms.topic: overview
 ---
-# Compare Microsoft Defender for Cloud Apps and Microsoft 365 Cloud App Security
+# Compare Microsoft Defender for Cloud Apps and Office 365 Cloud App Security
 
-This article describes the differences between Defender for Cloud Apps and Microsoft 365 Cloud App Security.
+This article describes the differences between Defender for Cloud Apps and Office 365 Cloud App Security.
 
-Both Microsoft Defender for Cloud Apps and Microsoft 365 Cloud App Security are accessed through the Microsoft Defender portal. Depending on your license, you'll either have access to Microsoft 365 Cloud App Security only or the entire Defender for Cloud Apps solution.
+Both Microsoft Defender for Cloud Apps and Office 365 Cloud App Security are accessed through the Microsoft Defender portal. Depending on your license, you'll either have access to Office 365 Cloud App Security only or the entire Defender for Cloud Apps solution.
 
-For more information, see the [Microsoft 365 licensing datasheet](https://aka.ms/M365EnterprisePlans).
+For more information, see the [Office 365 licensing datasheet](https://aka.ms/M365EnterprisePlans).
 
 ## Microsoft Defender for Cloud Apps
 
 Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps. With this service, you can gain visibility into Shadow IT by discovering cloud apps in use. You can control and protect data in the apps once you sanction them to the service.
 
-## Microsoft 365 Cloud App Security
+## Office 365 Cloud App Security
 
-Microsoft 365 Cloud App Security is a subset of Microsoft Defender for Cloud Apps that provides enhanced visibility and control for Microsoft 365. 
+Office 365 Cloud App Security is a subset of Microsoft Defender for Cloud Apps that provides enhanced visibility and control for Office 365. 
 
-Microsoft 365 Cloud App Security includes threat detection based on user activity logs, discovery of Shadow IT for apps that have similar functionality to Microsoft 365 offerings, control app permissions to Microsoft 365, and apply access and session controls. Microsoft 365 Cloud App Security has access to all of the features of Microsoft Defender for Cloud Apps, but supports only the Microsoft 365 app connector.
+Office 365 Cloud App Security includes threat detection based on user activity logs, discovery of Shadow IT for apps that have similar functionality to Office 365 offerings, control app permissions to Office 365, and apply access and session controls. Office 365 Cloud App Security has access to all of the features of Microsoft Defender for Cloud Apps, but supports only the Office 365 app connector.
 
 ### Feature support
 
-|Capability|Feature|Microsoft Defender for Cloud Apps|Microsoft 365 Cloud App Security|
+|Capability|Feature|Microsoft Defender for Cloud Apps|Office 365 Cloud App Security|
 |----|----|----|----|
-|Cloud discovery|Discovered apps |31,000 + cloud apps  |750+ cloud apps with similar functionality to Microsoft 365|
+|Cloud discovery|Discovered apps |31,000 + cloud apps  |750+ cloud apps with similar functionality to Office 365|
 ||Deployment for discovery analysis|<li> Manual upload <br> <li> Automated upload - Log collector and API <br> <li> Native Defender for Endpoint integration |Manual log upload|
 ||Log anonymization for user privacy|Yes||
 ||Access to full cloud app catalog|Yes||
@@ -39,12 +39,12 @@ Microsoft 365 Cloud App Security includes threat detection based on user activit
 ||Policy setting and enforcement|Yes||
 ||Integration with Microsoft Purview |Yes||
 ||Integration with third-party DLP solutions|Yes||
-|Threat Detection|Anomaly detection and behavioral analytics|For Cross-SaaS apps including Microsoft 365|For Microsoft 365 apps |
+|Threat Detection|Anomaly detection and behavioral analytics|For Cross-SaaS apps including Office 365|For Office 365 apps |
 ||Manual and automatic alert remediation|Yes|Yes|
-||SIEM connector|Yes. Alerts and activity logs for cross-SaaS apps.|For Microsoft 365 alerts only|
+||SIEM connector|Yes. Alerts and activity logs for cross-SaaS apps.|For Office 365 alerts only|
 ||Integration to Microsoft Intelligent Security Graph|Yes|Yes|
 ||Activity policies|Yes|Yes|
-|Conditional access app control|Real-time session monitoring and control|Any cloud and on-premises app|For Microsoft 365 apps|
+|Conditional access app control|Real-time session monitoring and control|Any cloud and on-premises app|For Office 365 apps|
 |Cloud Platform Security|Security configurations|For Azure, AWS, and GCP|For Azure|
 
 ## Next steps

CloudAppSecurityDocs/editions-cloud-app-security-o365.md

@@ -30,4 +30,7 @@ Microsoft Entra ID supports both browser-based and non browser-based policies. W
 
 Repeat this procedure to create a nonbrowser based Conditional Access policy. In the **Client apps** area, toggle the **Configure** option to **Yes**. Then, under **Modern authentication clients**, clear the **Browser** option. Leave all other default selections selected.
 
-For more information, see [Conditional Access policies](/azure/active-directory/conditional-access/overview) and [Building a Conditional Access policy](/entra/identity/conditional-access/concept-conditional-access-policies).
+Note: The Enterprise application “Microsoft Defender for Cloud Apps – Session Controls” is used internally by the Conditional Access App Control service. 
+Please ensure the CA policy does not restrict access to this application in the **Target resources**. 
+
+For more information, see [Conditional Access policies](/azure/active-directory/conditional-access/overview) and [Building a Conditional Access policy](/entra/identity/conditional-access/concept-conditional-access-policies).